ma1 pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
5a97ba07
by hackademix at 2023-12-19T10:22:07+01:00
1 changed file:
Changes:
| ... | ... | @@ -258,18 +258,32 @@ HOME="${PWD}" |
| 258 | 258 | export HOME
|
| 259 | 259 | |
| 260 | 260 | # Prevent disk leaks in $HOME/.local/share (tor-browser#17560)
|
| 261 | +function erase_leaky() {
|
|
| 262 | + local leaky="$1"
|
|
| 263 | + [ -e "$leaky" ] &&
|
|
| 264 | + ( srm -r "$leaky" ||
|
|
| 265 | + wipe -r "$leaky" ||
|
|
| 266 | + find "$leaky" -type f -exec shred -u {} \; ;
|
|
| 267 | + rm -rf "$leaky"
|
|
| 268 | + ) > /dev/null 2>&1
|
|
| 269 | +}
|
|
| 261 | 270 | local_dir="$HOME/.local/"
|
| 262 | 271 | share_dir="$local_dir/share"
|
| 263 | -if [ -d "$share_dir" ]; then
|
|
| 264 | - ( srm -r "$share_dir" ||
|
|
| 265 | - wipe -r "$share_dir" ||
|
|
| 266 | - find "$share_dir" -type f -exec shred -u {} \; ;
|
|
| 267 | - rm -rf "$share_dir"
|
|
| 268 | - ) > /dev/null 2>&1
|
|
| 269 | -else
|
|
| 270 | - mkdir -p "$local_dir"
|
|
| 272 | +# We don't want to mess with symlinks, possibly pointing outside the
|
|
| 273 | +# Browser directory (tor-browser-build#41050).
|
|
| 274 | +# We're not using realpath/readlink for consistency with the (possibly
|
|
| 275 | +# outdated) availability assumptions made elsewhere in this script.
|
|
| 276 | +if ! [ -L "$local_dir" -o -L "$share_dir" ]; then
|
|
| 277 | + if [ -d "$share_dir" ]; then
|
|
| 278 | + for leaky_path in "gvfs-metadata" "recently-used.xbel"; do
|
|
| 279 | + erase_leaky "$share_dir/$leaky_path"
|
|
| 280 | + done
|
|
| 281 | + else
|
|
| 282 | + mkdir -p "$local_dir"
|
|
| 283 | + fi
|
|
| 284 | + ln -fs /dev/null "$share_dir"
|
|
| 271 | 285 | fi
|
| 272 | -ln -fs /dev/null "$share_dir"
|
|
| 286 | +[ -L "$HOME/.cache" ] || erase_leaky "$HOME/.cache/nvidia"
|
|
| 273 | 287 | |
| 274 | 288 | [% IF c("var/tor-browser") -%]
|
| 275 | 289 | SYSARCHITECTURE=$(getconf LONG_BIT)
|